In a Cybersecurity Vendor War, the End User Loses

When vulnerability information is disclosed without a patch available, users are the ones really being punished. Rarely do you see corporations clash over vulnerability disclosures. It’s almost an unwritten rule that a business wouldn’t participate in improper vulnerability disclosures, but Google has decided to go head-to-head with Microsoft in the release of information after 90…

Temporary Fix Available for Windows GDI Vulnerability

A temporary fix is available for the Windows Graphics Device Interface (Windows GDI) vulnerability that was disclosed a couple of weeks ago. The flaw was initially discovered by Mateusz Jurczyk, an engineer with Google’s Project Zero team, in March 2016, along with other issues in the user-mode Windows GDI library (gdi32.dll). Microsoft attempted to resolve…

HackerOne Offers Free Service for Open Source Projects

Service aims to provide efficient security programs but projects must meet certain rules to qualify for it. HackerOne has announced free professional service for open-source projects aimed at providing support to project developers for running efficient and productive security programs. Called HackerOne Community Edition, this service will help open-source projects with “vulnerability submission, coordination, dupe…

Multiple security flaws found in mainstream robotic technologies

IOActive exposed numerous vulnerabilities found in multiple home, business, and industrial robots available on the market today. The array of vulnerabilities identified in the systems evaluated included many graded as high or critical risk, leaving the robots highly susceptible to attack. Attackers could employ the issues found to maliciously spy via the robot’s microphone and…

Stop using SHA1: It’s now completely unsafe

Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 hash. This shows that the algorithm’s use for security-sensitive functions should be discontinued as soon as possible. SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be…

Firefox Users Fingerprinted via Cached Intermediate CA Certificates

An attacker can discover various details about Firefox users due to the manner in which the browser caches intermediate CA certificates, a researcher has discovered. When the server doesn’t deliver the complete certificate chain, Firefox loads the website if the intermediate CA certificate is cached, security researcher Alexander Klink discovered. By determining which websites use…

Hard Drive LED Allows Data Theft From Air-Gapped PCs

Researchers at Ben-Gurion University of the Negev in Israel have disclosed yet another method that can be used to exfiltrate data from air-gapped computers, and this time it involves the activity LED of hard disk drives (HDDs). Many desktop and laptop computers have an HDD activity indicator, which blinks when data is being read from…

6 Tips for Preventing Laptop Data Theft

Experts point to stronger passwords, full-disk encryption, and multi-factor authentication as ways to stop data theft in the event a laptop is lost or stolen. Anybody can have their laptop stolen. It happened to Hillary Clinton’s campaign last fall, when three laptops were stolen from campaign workers in Philadelphia. In that case, the devices were…

Java and Python FTP attacks can punch holes through firewalls

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks. On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.